At my workplace we use Cisco switches to implement a custom traffic delivery mechanism at layer 2. Custom software puts specific destination MACs on Ethernet frames, and VLANs segregate the traffic to different locations while static mac-address-table entries are made to direct it to specific ports. The whole delivery system is fairly static, so it works reasonably well for us. I didn't create it, but I understand it reasonably well.
Now I'm trying to understand it just a bit better as I see some odd behavior by the switches. I have two ports:
gi1/10
switchport mode access vlan 10
gi1/20
switchport mode trunk
switchport trunk allowed vlan 10-13
and two user-entered mac address table rows:
mac-address-table static 0101.0000.0101 vlan 10 interface gi1/10
mac-address-table static 0101.0000.0000 vlan 13 interface gi1/20
The ports are configured differently to evaluate the difference in techniques.
I have two Linux hosts, one each connected to the above ports. Each is configured the same with four subinterfaces:
eth1.10, eth1.11, eth1.12, and eth1.13.
There is no IP address on the main interface or any subinterface. I have two traffic sources sending traffic. Each sends ethernet frames with BOTH destination mac addresses, but one traffic source is on vlan 10 and the other is on vlan 13.
On host 1, the host connected to port 1/10, I see no traffic when I sniff eth1.10, 11, 12, or 13, but I do see traffic when I run 'tcpdump -i eth1'. This makes sense to me, as those subinterfaces would only be expecting traffic tagged with the appropriate VLAN ID (10, 11, 12, or 13) and this switchport is configured for access. Have I interpreted this correctly?
The curious thing is that host 1's tcpdump output ALSO shows the other mac, even though the static entry clearly says to only send the one type of traffic out the port. How is that possible?
The situation is equally strange on host 2 (the one connected to the trunking port). He sees only one mac address (the proper one), but he sees it on both eth1.10 AND eth1.13. Now I'm just confused. How is that possible, even though both vlans have both destination macs? Shouldn't the mac-address-table limit that to just what's entered there?
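To reason about what a VLAN-aware bridge does with each of these frames, here is a small model of the lookup and egress logic, added here as an illustration; it is not code from the original post and does not model any particular Cisco platform. It encodes two standard pieces of switch behaviour: the MAC table is keyed by (VLAN, MAC), so an entry for 0101.0000.0000 in VLAN 13 says nothing about that MAC in VLAN 10, and a destination with no entry in a given VLAN is flooded to every port that is a member of that VLAN. It also records whether the egress frame leaves untagged (access port) or 802.1Q-tagged (trunk port), which is what decides whether a Linux host sees it on eth1 or on eth1.<vlan>. The ingress port gi1/1 and the host interface names are constructed assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Port:
    name: str
    mode: str                       # "access" or "trunk"
    access_vlan: Optional[int] = None
    allowed_vlans: Set[int] = field(default_factory=set)

    def member_of(self, vlan: int) -> bool:
        """An access port belongs to exactly one VLAN; a trunk to its allowed list."""
        if self.mode == "access":
            return vlan == self.access_vlan
        return vlan in self.allowed_vlans


@dataclass
class Switch:
    ports: Dict[str, Port]
    # MAC table is keyed by (vlan, mac): the same MAC in another VLAN is a different entry.
    mac_table: Dict[Tuple[int, str], str] = field(default_factory=dict)

    def add_static(self, mac: str, vlan: int, port: str) -> None:
        self.mac_table[(vlan, mac.lower())] = port

    def forward(self, ingress: str, vlan: int, dst_mac: str) -> List[Tuple[str, Optional[int]]]:
        """Return [(egress_port, tag)] for one frame; tag is the VLAN ID on a trunk,
        None (untagged) on an access port."""
        key = (vlan, dst_mac.lower())
        if key in self.mac_table:
            candidates = [self.mac_table[key]]            # known unicast: one port
        else:
            candidates = list(self.ports)                 # unknown unicast: flood the VLAN
        out: List[Tuple[str, Optional[int]]] = []
        for name in candidates:
            port = self.ports[name]
            if name == ingress or not port.member_of(vlan):
                continue                                  # never back out the ingress port
            out.append((name, vlan if port.mode == "trunk" else None))
        return out


def build_switch() -> Switch:
    """The two ports and two static entries from the post, plus an assumed ingress trunk gi1/1."""
    sw = Switch(ports={
        "gi1/1": Port("gi1/1", "trunk", allowed_vlans={10, 11, 12, 13}),   # assumed source port
        "gi1/10": Port("gi1/10", "access", access_vlan=10),
        "gi1/20": Port("gi1/20", "trunk", allowed_vlans={10, 11, 12, 13}),
    })
    sw.add_static("0101.0000.0101", 10, "gi1/10")
    sw.add_static("0101.0000.0000", 13, "gi1/20")
    return sw


def host_interface(tag: Optional[int]) -> str:
    """Which Linux interface a capture would attribute the frame to: untagged frames
    show up on eth1 only; tagged ones are demuxed onto eth1.<vlan> (eth1 sees them too)."""
    return "eth1" if tag is None else f"eth1.{tag}"


def deliveries(sw: Switch, ingress: str = "gi1/1") -> Dict[str, Set[Tuple[str, str]]]:
    """Replay the post's traffic pattern (both MACs sent on VLAN 10 and on VLAN 13) and
    return, per egress port, the set of (interface, dst_mac) pairs a host there would see."""
    seen: Dict[str, Set[Tuple[str, str]]] = {p: set() for p in sw.ports if p != ingress}
    for vlan in (10, 13):
        for mac in ("0101.0000.0101", "0101.0000.0000"):
            for port, tag in sw.forward(ingress, vlan, mac):
                seen[port].add((host_interface(tag), mac))
    return seen


if __name__ == "__main__":
    for port, frames in deliveries(build_switch()).items():
        print(port, sorted(frames))
```

Running it shows that the VLAN 10 copy of 0101.0000.0000 has no table entry in VLAN 10 and is therefore flooded to every VLAN 10 member, which includes both gi1/10 (untagged) and the gi1/20 trunk (tagged 10); the static entry in VLAN 13 only constrains the VLAN 13 copy. That is the kind of check worth doing with `show mac address-table vlan 10` before trusting a static entry to act as a filter: it pins a destination to a port only within the VLAN it was entered for.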